Let programs call tor_main with a preconstructed control socket

At the ooni/tor/embedding meeting, we mentioned the idea of having a way for programs that want to call tor_main to pass a control socket to tor_main, so that they don't need to have tor listening on a control port at all.

changed milestone to %Tor: 0.3.3.x-final

added component::core tor/tor milestone::Tor: 0.3.3.x-final owner::nickm parent::23684 priority::medium resolution::implemented review-group-24 s8-api severity::normal sponsor::8 status::closed tor-mobile type::enhancement labels

Trac:
Status: new to accepted
Milestone: Tor: 0.3.4.x-final to Tor: 0.3.3.x-final
Owner: N/A to nickm

Specified in my torspec branch owning_control_fd.

Implementation in my tor branch owning_control_fd.

Trac:
Status: accepted to needs_review

review-group-24 is now open.

Trac:
Keywords: N/A deleted, review-group-24 added

Trac:
Sponsor: N/A to Sponsor8

5bcd8dc5c482da4da71402cd06b0ecc709f05493, 4eb5753bd29b24fd5a523499add35a6214293cd9, f0daaf8d60be8bfcfaa99e3a878cd90967a84bb0, and f1bf9bf8198fcfaf078fdc12eb2ad5adf1901d29 All looks good to me.

Trac:
Status: needs_review to merge_ready

Okay. I'll wait a little bit to see if the mobile people have any comments.

Adding Mike here as well in case he wants to check out if the interface is useful for him.

Trac:
Cc: darkk, brade, mcs, sbs, hellais to darkk, brade, mcs, sbs, hellais, mtigas

Trac:
Keywords: N/A deleted, s8-api added

sbs and I looked at this.

The torspec and tor diffs look good.

One thing to be careful about though is that when the socket is closed (as per TAKEOWNERSHIP behavior), when you "shut down" Tor, you must not call exit(). This may be differ from how OwningControllerProcess behaves.

Moreover lack of windows support may be an issue for us (as that is also a target platform for Measurement Kit), but I guess for the time being we can avoid using this option there.

Also as mentioned in https://trac.torproject.org/projects/tor/ticket/23845#comment:12, it would be useful to document that for non windows platforms it's recommended to set this option when constructing a tor_main_configuration_t to pass to tor_run_main.

I was also wondering:

1. assuming that tor_socket_t is similar to evutil_socket_t, whether we can pass a socket on Windows to obtain the same effect

2. if this function to set an owning socket is thread safe (I don't know enough on Tor internals to say whether it's obviously thread safe or not)

Trac:
Username: sbs

Replying to hellais:

sbs and I looked at this.

The torspec and tor diffs look good.

One thing to be careful about though is that when the socket is closed (as per TAKEOWNERSHIP behavior), when you "shut down" Tor, you must not call exit(). This may be differ from how OwningControllerProcess behaves.

Right! All of the exit handling is in a different ticket, #23848 (moved).

Moreover lack of windows support may be an issue for us (as that is also a target platform for Measurement Kit), but I guess for the time being we can avoid using this option there.

So, this actually will work on windows, but not from the command line. You have to construct a socketpair instead, and you can't pass those around between processes as fd's... but in-process, it will work fine.

Also as mentioned in https://trac.torproject.org/projects/tor/ticket/23845#comment:12, it would be useful to document that for non windows platforms it's recommended to set this option when constructing a tor_main_configuration_t to pass to tor_run_main.

I'm waiting for the #23845 (moved) merge for that. I think, as a followup, it would make sense to actually have a C API to set this up without having to use the command line. Fortunately, tor_run_main() is extensible.

Replying to sbs:

I was also wondering:

1. assuming that tor_socket_t is similar to evutil_socket_t, whether we can pass a socket on Windows to obtain the same effect

They're similar, but it's going to be a little hacking to get this working on windows: Sockets aren't treated as fds in a nice inheritable way on Windows. But in-process, it should work fine, if we make a fake socketpair with the usual tricks.

2. if this function to set an owning socket is thread safe (I don't know enough on Tor internals to say whether it's obviously thread safe or not)

It should only ever be called from the Tor main thread, so it should be safe.

merged to master; torspec branch merged too.

Trac:
Status: merge_ready to closed
Resolution: N/A to implemented

closed

moved to tpo/core/tor#23900 (closed)